Basic Job Responsibilities
Conducts investigations and responds to internal and external security threats.
Oversees, responds to, and remediates DLP (data loss prevention) and SIEM events from on premise and cloud systems.
Implements advanced security monitoring techniques to identify malicious behavior on SaaS, cloud systems, network, servers, and endpoints.
Manages, administrates, and improves security monitoring products for DLP, SIEM, EDR, AV, Cloud Security products, IDS and other industry standard security technologies.
Develops automation response scripts to remediate commodity threats.
Performs threat hunting activities to identify compromised resources.
Understands and performs threat analysis utilizing industry standard frameworks (kill chain and diamond model).
Performs threat research and intelligence gathering to improve detection and response capabilities.
Proposes and helps review security plans and policies to improve the security environment.
Maintains operational playbooks, process diagrams and documentation for security monitoring and response.
Reviews proposed Security deployments to ensure security monitoring requirements are met.
Other duties may be assigned as needed to address new security threats facing the enterprise environment.
Provides off hour support as needed for security monitoring and response activities. Incident Response
Works closely with MSSP services, external forensic providers, and in house IT teams to respond to and remediate security incidents both internal and external.
Reviews compromised systems to identify root cause of security incidents and remediation actions that need to be taken.
Researches new TTPs (tactics, techniques, and procedures) that threat actors are utilizing to undermine enterprise IT environments.
Provide timely detection, identification, and alerts of possible attacks/intrusions, anomalous activities, and misuse activities, and distinguish these incidents and events from benign activities.
Any graduate